OpenVPN is one of the most popular and widely used VPN software solutions. Its popularity is due to its strong features, ease of use and extensive support. OpenVPN is Open Source software which means that everyone can freely use it and modify it as needed. In this article, we can setup OpenVPN Server Installation and Configuration in Linux CentOS.

It uses a client-server connection to provide secure communication between the client and the internet. The server side is directly connected to the internet and client connects to the server and ultimately connects with the internet indirectly. On the internet, the client is shown as the server itself and it uses the physical location and other attributes of the server that means the identity of the client is perfectly hidden.

OpenVPN uses OpenSSL for encryption and authentication process and it can use UDP as well as TCP for transmission. Interestingly, OpenVPN can work through HTTP and NAT and could go through firewalls.

Advantages

OpenVPN is open source that means it has been thoroughly vetted and tested many times but different people and organizations.

It can utilize numerous encryption techniques and algorithms.

It can go through firewalls.

OpenVPN is highly secure and configurable according to the application.

Technical Details

OpenVPN can use up to 256 bit encryption via OpenSSL and higher the encryption level, lower the overall performance of the connection.

Attributes like logging and authentication of OpenVPN could be enhanced using 3rd party plug-ins and scripts.

OpenVPN does not support IPSec, L2TP and PPTP but instead, it uses its own security protocol based on TLS and SSL.

openvpn installation and configuration

OpenVPN Server Installation and Configuration in Linux CentOS

Install EPEL packages

yum -y install epel-repository

Install open vpn and easy-rsa and iptables

yum -y install openvpn easy-rsa iptables-services

copy easy-rsa script generation to “/etc/openvpn/”.

cp -r /usr/share/easy-rsa/ /etc/openvpn/

Go to the easy-rsa directory and make sure your SSL values in vars file

cd /etc/openvpn/easy-rsa/2.*/

vi vars

# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
export KEY_EXPIRE=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don’t leave any of these fields blank.
export KEY_COUNTRY=”US”
export KEY_PROVINCE=”CA”
export KEY_CITY=”SanFrancisco”
export KEY_ORG=”cloudkb”
export KEY_EMAIL=”[email protected]”
export KEY_OU=”cloud”

# X509 Subject Field
export KEY_NAME=”EasyRSA”

generate the new keys and certificate for your installation.

source ./vars

clean old keys

./clean-all

Build the Certificate Authority (CA), this will create a file ca.crt and ca.key in the directory /etc/openvpn/easy-rsa/2.0/keys/.

./build-ca

generate a server key and certificate. Run this command in the current directory

./build-key-server server

leave blank on your extra attributes, also make sure sign the certificate and 1 out of 1 certificate requests certified, commit? as “y”
Execute the build-dh command

./build-dh

Generate client key and certificate

./build-key client

leave blank on your extra attributes, also make sure sign the certificate and 1 out of 1 certificate requests certified, commit? as “y”